BugTraq Mode:
[ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included Xpdf code 2005-01-23
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200501-33 ] MySQL: Insecure temporary file creation 2005-01-23
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[KDE Security Advisory] kpdf Buffer Overflow Vulnerability 2005-01-24
Dirk Mueller (mueller kde org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KDE Security Advisory: kpdf Buffer Overflow Vulnerability
Original Release Date: 2005-01-19
URL: http://www.kde.org/info/security/advisory-20050119-1.txt

0. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http:/

RealVNC Contact 2005-01-21
DSGM (dsgm1972 bigfoot com)

Does someone have an email address of RealVNC, where I can submit a bug on
the password check?

Thank You.

Internet Explorer URL obfuscation. 2005-01-22
Stewart, Graeme (gstewart firstrepublic com) (1 replies)
All,

The following (very simple!) code calls a URL in the browser window but
fails to update the address bar in IE. Looks like the form submission is
suspended with the interrupt of the 'window.alert' call. IE then fails
to correctly handle.

Might be helpful in facilitating phishing style attacks.

Re: Internet Explorer URL obfuscation. 2005-01-23
Berend-Jan Wever (skylined edup tudelft nl)

Siteman User Database Line Insertion Vulnerability 2005-01-22
shoalie sefid (shoaliesefid7 yahoo com)


Siteman User Database Line Insertion Vulnerability

Vulnerable Systems:
* Siteman version 1.1.10 and prior

Discovered By amironline452 (amiroline452 (at) alphahackers (dot) com)
By Alpha Hackers Digital Security Team
www.alphahackers.com
www.amironline452.tk

Exploit:
#!/usr/bin/perl -w
#
# Exploit by sho

[ GLSA 200501-30 ] CUPS: Stack overflow in included Xpdf code 2005-01-22
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200501-28 ] Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2 2005-01-21
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

KDE Security Advisory: Multiple vulnerabilities in Konversation 2005-01-21
Waldo Bastian (bastian kde org)
KDE Security Advisory: Multiple vulnerabilities in Konversation
Original Release Date: 20050121
URL: http://www.kde.org/info/security/advisory-20050121-1.txt

0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-

[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities 2005-01-21
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 654-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 21st, 2005

[SECURITY] [DSA 653-1] New ethereal packages fix buffer overflow 2005-01-21
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 653-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 21st, 2005

ASH Hashing Algorithm 2005-01-20
seasonedpaper djc people inodetech com
With the current class of cryptographic algorithms growing weaker we face
an increasingly large problem. I went ahead and took two SHA-2 algorithms and
created ASH-1 and ASH-2. The modifications are algorithm neutral and
fairly simple, but add security and flexibility to the SHA family.

The hashing a

KDE Security Advisory: KOffice PDF Import Filter Vulnerability 2005-01-20
Waldo Bastian (bastian kde org)
KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Original Release Date: 2005-01-20
URL: http://www.kde.org/info/security/advisory-20050120-1.txt

0. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type

Security Contact within RIM / Blackberry 2005-01-20
Mark Litchfield (mark ngssoftware com)
Hi All,

Does anyone have a contact email address for someone within Product Security
for RIM (Research In Motion / Blackberry)?

Thanks in advance

Mark Litchfield

Microsoft NetDDE Service Unauthenticated Remote Buffer Overflow 2005-01-21
NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory

Name: Microsoft NetDDE Service Unauthenticated Remote Buffer Overflow
Systems Affected: Microsoft Windows NT/2000/XP/2003 Server
Severity: High
Vendor URL: http://www.microsoft.com/
Author: John Heasman [ john (at) ngssoftware (dot) com ]
Date of Public Advisory:

Netscape Overflow. 2005-01-21
Carlos Ulver (carlos ulver gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, I saw a flaw in IE that using a Javascript it could be possible
to crash the browser. Berend-Jan Wever discovered this problem, which
consists of the following script:

<HTML>
<SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } <

[ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerability 2005-01-22
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Call for DEFCON Capture the Flag Organizers. 2005-01-22
The Dark Tangent (dtangent defcon org)
Call for DEFCON Capture the Flag Organizers.
-----------------------------------

Wanted:
An evil large multinational corporation, or...
A nefarious group of genius autonomous hackers, or...
A shadowy government organization from somewhere in the world

To:
Host, recreate, and innovate the worlds m

PHRACK #63 CALL FOR PAPERS 2005-01-22
rm phrack org

[-]=====================================================================
[-]

+++++++++++++++++++++++++++
=: P H R A C K - F I N A L :=
+++++++++++++++++++++++++++

...a glorious era comes to an end. #63 will
be

Re: Advanced Guestbook 2005-01-22
Stewart Souter (webmaster carbonize co uk)
In-Reply-To: <8ea2ac2004120211406650777b (at) mail.gmail (dot) com>

This exploit does not exist. I wish people would actually check their facts before crying wolf. Advanced guestbook 2.3.1 already checks the URL as it is submitted. It uses the following if statement.

if (htmlspecialchars($this->url) != "$thi

(MS05-002) Cursor and Icon Format Handling Vulnerability (PoC for all affected systems) 2005-01-22
houseofdabus HOD (houseofdabus inbox ru)


---snip---
/* HOD-ms05002-ani-expl.c: 2005-01-10: PUBLIC v.0.2
*
* Copyright (c) 2004-2005 houseofdabus.
*
* (MS05-002) Microsoft Internet Explorer .ANI Files
Handling Exploit
* (CAN-2004-1049)
*
*
*
* .::[ houseofdabus ]::.
*
*
*
* (universal -- for all

Arbitrary files overwriting through skins in DivX Player 2.6 2005-01-21
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: DivX Player
http://www.divx.com/divx/player/
Versions: <= 2.6
Platforms: Windows
Bug: arbitrary files overwriting through skins
Exploitat

Mac OS X 10.3 iSync Privilege Escalation 2005-01-22
Braden Thomas (bjthomas usc edu)
Hello everyone, a buffer overflow flaw has been discovered in the
mRouter suid root binary installed by iSync in OS X 10.3 by default.

Program: /System/Library/SyncServices/SymbianConduit.bundle/Contents/
Resources/mRouter
Impact: Privilege Escalation (root access euid=0)
Discovered: 12th Janu

bug report comersus Back Office Lite 6.0 and 6.0.1 2005-01-21
raf somers (beltech2bugtraq hotmail com)
Software: Comersus ASP Shopping Cart
Version: 6.0 Free version containing BackOffice Lite 6.0 and 6.01
Vendor: Comersus

1. Software Description
--------------------
Comersus ASP shopping cart is a set of ASP scripts creating an online
shopping cart.
It works on a database of your own choosing,

Various Buffer Overflows in Oracle 10g Tools 2005-01-20
Joxean Koret (joxeankoret yahoo es) (1 replies)
------------------------------------------------------------------------
---
Various Buffer Overflows in Oracle 10g Tools
------------------------------------------------------------------------
---

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004, 2005
Location: Basque Country

------

Re: Various Buffer Overflows in Oracle 10g Tools 2005-01-22
David Litchfield (davidl ngssoftware com)

[ GLSA 200501-27 ] Ethereal: Multiple vulnerabilities 2005-01-20
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

iDEFENSE Security Advisory 01.20.05: 3Com OfficeConnect Wireless 11g AP Information Disclosure Vulnerability 2005-01-20
iDefense Customer Service (customerservice idefense com)
3Com OfficeConnect Wireless 11g AP Information Disclosure Vulnerability

iDEFENSE Security Advisory 01.20.05
www.idefense.com/application/poi/display?id=188&type=vulnerabilities
January 20, 2005

I. BACKGROUND

The 3Com OfficeConnect Wireless 11g Access Point provides users with
access to network re

Copyright 2010, SecurityFocus